Windows 8 and 8.1 Forums


Windows Phones open to hackers connecting to rogue Wi-Fi

  1. #1


    Posts : 22,583
    64-bit Windows 10

    Windows Phones open to hackers connecting to rogue Wi-Fi


    A new Microsoft security advisory warns that smartphones running the Windows Phone operating system could be susceptible to infiltration when connecting to a rogue Wi-Fi hotspot.

    A rogue access point, also known as a rogue AP, is a Wi-Fi access point installed on a network, operating without authorization and not under the control of a systems administrator. If installed, rogue APs could allow anyone to connect to your network through Wi-Fi, and may not adhere to WLAN security policies.

    The bulletin, advisory 2876146, says that hackers could exploit a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2). The protocol is used in Windows Phones for WPA2 wireless authentication
    .
    Read more at: Windows Phones open to hackers when connecting to rogue Wi-Fi | ZDNet

      My System SpecsSystem Spec

  2. #2


    Hafnarfjörður IS
    Posts : 4,376
    Linux Centos 7, W8.1, W7, W2K3 Server W10


    Hi there .

    I'm surprised this type of problem hasn't been reported on ANDROID as well -- Android apps are totally without any sort of decent QC and I see on a visit to central London recently that the City of Westminster now expects you to pay for parking via an ANDROID APP where you send by PLAIN TEXT credit card details etc etc. NOOOOOOOOOOOO THAAAAANKS -- I'll rather pay the fine MANUALLY.

    Cheers
    jimbo
      My System SpecsSystem Spec

  3. #3


    This is an exploit of the authentication protocol, namely PEAP-MS-CHAPv2, that used with wifi access points with WPA2 based encryption. The same authentication protocol is used by Android and I believe Apple iOS as well. Authentication credentials transferred through "rogue" access point captures the encrypted credentials that are decrypted later, and used to connect directly to the corporate network with the stolen credentials.

    Requiring certificate to authenticate the AP is a standard security measure in corporate wifi networks that prevents sending the PEAP-MS-CHAPv2 authentication to the rogue AP. This is a none issue for any of the platforms, if the access and end points had been setup correctly...
      My System SpecsSystem Spec

  4. #4


    Sloe Deth, Californicatia
    Posts : 3,908
    Windows 8 Pro with Media Center/Windows 7


    That's why I still use original WPA psk- Nobody has been able to come up with a way of connecting to secured WPA Wifi. The old WEP was hacked instantly, I can download iPhone apps that can bust in to any secured WEP. I've never tried them, because nobody uses WEP anymore.
      My System SpecsSystem Spec

  5. #5


    Yucaipa, California, USA
    Posts : 130
    Windows 8.1 Pro w/ WMC x64


    Quote Originally Posted by XweAponX View Post
    That's why I still use original WPA psk- Nobody has been able to come up with a way of connecting to secured WPA Wifi. The old WEP was hacked instantly, I can download iPhone apps that can bust in to any secured WEP. I've never tried them, because nobody uses WEP anymore.
    Your probably better off using WPA 2 with AES. WPA1 is known to be brute forced easily* in not using at least a 13 digit random key combination.

    * This usually only applies in LAB oriented studies where multiple clusters of GPUs can crack WPA1 keys.
      My System SpecsSystem Spec

  6. #6


    Sloe Deth, Californicatia
    Posts : 3,908
    Windows 8 Pro with Media Center/Windows 7


    Well I don't think I have to worry about that in my neighborhood, I don't think any of my neighbors have multiple clusters of GPUs. Any encryption can be busted into given the technology and the TIME. That's what Brute Force approaches need. Even RAR cracking tools, need 1) A Huge dictionary and 2) Lots and lots of time. I've never busted into a password encrypted RAR file and once I left a decryption program running for a week. Don't worry, I made the RAR file myself and passworded it myself, I was just trying to find good software to break into it. I could not find ANY software that has been successful in busting into RAR files - And breaking into WPA is much the same.

    For some reason, WEP could be broken in to easily.
      My System SpecsSystem Spec

Windows Phones open to hackers connecting to rogue Wi-Fi
Related Threads
I went through the tutorials carefully and am unable to get these random networks off that showed up in the pane while I was logging onto an airport's network. They don't appear in the settings choice to ignore. Makes me uneasy to have 6 other folks' networks there.
I installed the latest Nvidia display driver last week. After the reboot there was the green win 8 logo then the screen went black and stayed that way. I left it running for an hour and it stayed that way though the mouse cursor moved against the black background. I did a restore from a backup...
Apple IPads Neutered for U.S. Government in CACI Mobile Push - Bloomberg Has anyone in the White House told the Pres about the Surface? Or don't they care? Bill et al, you're needed in Washington!
During the Customer Preview (CP for short) I ran Windows 8 in a Virtual Machine on a Windows 7 system. When the preview was over I simply deleted the image of the Win8 system. Now that I have Windows 8 Pro, I've joined my Homegroup and now the CP install I had been running on the homegroup as...
Hi there Ms is barking up the wrong tree trying to get Nokia on board -- Android for SAMSUNG and HTC and of course APPLE's own Iphone have now relagated Nokia to not even "Also Ran" status. I don't know ANYBODY who would even LOOK at a Nokia phone any more --never mind about even THINKING about...
"Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting." - 4/10/2012 ...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook